Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

48 Open 1,280 Closed
48 Open 1,280 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Where to move or what to do with V3.5 section (tokens section in session management chapter) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2384 opened Nov 18, 2024 by elarlang
4
Crypto appendix - mention missing mechanisms 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2380 opened Nov 17, 2024 by randomstuff
3
Abstract requirement for "tokens can be used only for the intended usage" (move or duplicate 51.1.1) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something V3 V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2379 opened Nov 16, 2024 by elarlang
8
V1.6 cleanup from non-documentation requirements 2) Awaiting response Awaiting a response from the original poster V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2376 opened Nov 14, 2024 by elarlang
@danielcuthbert
6
V6 - "Stored cryptography" vs "cryptography" 4) proposal for review Issue contains clear proposal for add/change something 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2375 opened Nov 13, 2024 by randomstuff
4
Crypto appendix - give alias names for groups 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2374 opened Nov 13, 2024 by randomstuff
@danielcuthbert
2
Add token requirement for intented audience 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2363 opened Nov 9, 2024 by TobiasAhnoff
@randomstuff @TobiasAhnoff
@ryarmst @elarlang
15
Add access token requirement for preventing "key confusion" V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2361 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff @ryarmst @elarlang
12
Add access token requirement for strong alg and "None" 2) Awaiting response Awaiting a response from the original poster V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2360 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff
8
Link new requirements to CREs 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2334 opened Nov 7, 2024 by cronchie
1
V3 - Update section text for V3.6 and/or corresponding security decision 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2321 opened Nov 7, 2024 by ryarmst
V6 - Proper/safe MAC usage (in contrast to digital signatures) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2310 opened Nov 6, 2024 by randomstuff
@danielcuthbert
1
V6 Verify that (TLS) certificates are validated 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V9 _5.0 - prep This needs to be addressed to prepare 5.0
#2309 opened Nov 6, 2024 by randomstuff
@randomstuff
16
V7 Add transient error handling 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V7 Temporary label for grouping logging related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2281 opened Nov 6, 2024 by cronchie
@cronchie @elarlang
5
V6 Cryptography - Perfect Forward Secrecy 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2252 opened Nov 5, 2024 by danielcuthbert
@danielcuthbert
9
V6 - Requirement mitigating against rerouting/Selfie attacks in when using TLS PSK authentication with group membership 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V9 _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2216 opened Nov 2, 2024 by randomstuff
3
V6 - Discuss forward secrecy 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2215 opened Nov 2, 2024 by randomstuff
@danielcuthbert
6
Handle Glossary _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2201 opened Oct 28, 2024 by tghosth
@ryarmst
1
review V51.4.3 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2183 opened Oct 22, 2024 by elarlang
@randomstuff @TobiasAhnoff @elarlang
15
2.10.4 and 6.4.1 seem like duplicates 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos 4a) Waiting for another This issue is waiting for another issue to be resolved V6 V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2130 opened Oct 8, 2024 by tghosth
@tghosth
23
V51 OAuth: discuss verification of the user consent 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V8 V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2120 opened Sep 26, 2024 by randomstuff
@randomstuff @elarlang
38
Link checker is temperamental and apparently deprecated GH_ACTIONS MAKEFILE _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1990 opened Jul 10, 2024 by tghosth
@ike
13
proposal/discussion: JWT - 3.5.6 rephrase it to describe the goal and/or split to different requirements based on different goals 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#1967 opened May 21, 2024 by elarlang
@csfreak92 @elarlang
11
proposal/discussion: OAuth - disallow web application to be OAuth public client (and to have direct communication with OAuth token endpoint) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#1963 opened May 19, 2024 by elarlang
@elarlang
8
Tracking supporters _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1888 opened Mar 13, 2024 by tghosth
@tghosth
10
ProTip! What’s not been updated in a month: updated:<2024-10-18.